Author Topic: Help! I tihnk i have an email worm  (Read 1296 times)

Doogee

  • VIP
  • Member
  • ***
  • Posts: 774
  • Kudos: 109
    • http://m-db.info
Help! I tihnk i have an email worm
« on: 18 December 2002, 11:38 »
Hey im very worried!

I use kmail and lately ive been getting some very email responses, one of which is:

RE: CST96808917ID - OnmouseOut

From:
"MSN Customer Support" <[email protected]>


To:
<[email protected]>


Date:
Mon, 16 Dec 2002 00:09:06 -0800


Thank you for your e-mail message to MSN webmaster. We would like to
assist you with your question and request you go to the appropriate link
below for the product you are inquiring about. The link will take you
directly to that product's online help with instructions on how you may
contact us directly. This will provide you the timeliest response.

For MSN Internet Access, go to http://support.msn.com.

For Hotmail, go to http://www.hotmail.com, then click "Help" on the
upper middle part of your screen.

For MSN Messenger, go to http://messenger.microsoft.com, select the
applicable Messenger client on the left navigation bar, then click
"Help."

For MSN Games, go to http://zone.msn.com/services/support.asp.

For MSN MoneyCentral, go to
http://moneycentral.msn.com/help/techsup.asp?cat=0.

For Microsoft Passport, go to
http://www.passport.com/Consumer/ConsumerQA.asp?lc=1033.

For Microsoft software applications such as Office or Windows, go to
http://support.microsoft.com/default.aspx.

For MSN Groups, Member Directory or support for files you have saved to
MSN, go to http://groups.msn.com, then click "Help" on the upper middle
part of your screen.

For MSN Chat, go to http://chat.msn.com/default.msnw, then click "Help"
on the upper middle part of your screen.

For MSNBC, go to http://www.msnbc.com/m/info/help.asp.

For MSN Entertainment, go to http://entertainment.msn.com, then click
"Help" on the upper right part of your screen.

For MSN Search, go to http://search.msn.com, then click "Help" on the
upper right part of your screen.

For help with MSN.com or any other MSN property not mentioned above, go
to http://www.msn.com, then click "Help" on the upper right-hand part of
your screen.

This is an unmonitored e-mail address so please be sure to go to one of
the links above.

We value your business and thank you for using the Microsoft network of
web sites.

--- Original Message ---
From: [email protected]
To: [email protected]
Sent: Dec 15 2002 11:53PM
Subject: OnmouseOut


Im very very worried about this, why am i emailing Microsoft? i never emailed those cockheads

Help me!!!

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Help! I tihnk i have an email worm
« Reply #1 on: 18 December 2002, 12:44 »
maybe it's deliberate spam on their part?

Maybe they are hoping you will click on a link and then when you try to get their 'great features' and all that crap, it will only work for you if you have windows (since microsoft don't seem to be capable of writing phone-home programs for linux).
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

Doogee

  • VIP
  • Member
  • ***
  • Posts: 774
  • Kudos: 109
    • http://m-db.info
Help! I tihnk i have an email worm
« Reply #2 on: 18 December 2002, 13:44 »
well, i dont have windows AT ALL on my computer but i have had some other emails aswell. Observe:

Undeliverable mail--"gopopup()"

From:
postmaster <[email protected]>


To:
[email protected]


Date:
Sat, 14 Dec 2002 08:48:38 +0000 (UTC)


<HTML><HEAD></HEAD><BODY>

<FONT>The following mail can't be sent to [email protected]:<br>
<br>
From: [email protected]<br>
To: [email protected]<br>
Subject: gopopup()<br>
The file is the original mail</FONT></BODY></HTML>

Geeol.scr

Attachment: 2

loading


-----------------


that is saying im trying to send attachments to some place!! i know these attachments cant affect me (they look like windows) but i AM NOT SENDING THESE EMAILS! What the flying crud is going on here????????????????????

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Help! I tihnk i have an email worm
« Reply #3 on: 18 December 2002, 14:01 »
is somebody masquerading as you? by doctoring their header information to point back to you?

can somebody else verify how likely this is and what can be done about it?
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

Doogee

  • VIP
  • Member
  • ***
  • Posts: 774
  • Kudos: 109
    • http://m-db.info
Help! I tihnk i have an email worm
« Reply #4 on: 18 December 2002, 14:04 »
you mean like the anonymous email telnetting thing? or am i way off track here?

otice how they all seem to be script things (java or something)

notice : gopopup() and onMouseOut

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Help! I tihnk i have an email worm
« Reply #5 on: 18 December 2002, 19:24 »
It does look like a Windows virus. They typically send out *.SCR, *.EXE, *.BAT type of attachments. What it could be is a friend who has your email address in their Lookout Depress address book and their system has a virus that sends email and setting the reply-to: address to your email address (pulled from "their" address book). Some email servers that receive the message have detected a problem and bounce the message, however it gets bounced back to you and not the "real" sender of the message because your name was used as the From: and Reply-To:.

I have had smtp servers bounce mail back to me because spammers used my email address in the From headers.

If the rejected message happens to have the original header you might be able to track it down based on the IP address the original message came from (this *definitely* can be done in the logs of the SMTP server that bounced the message).

[ December 18, 2002: Message edited by: void main ]

Someone please remove this account. Thanks...

Doogee

  • VIP
  • Member
  • ***
  • Posts: 774
  • Kudos: 109
    • http://m-db.info
Help! I tihnk i have an email worm
« Reply #6 on: 19 December 2002, 15:58 »
i think i may know who it was. i know one person who uses lookout almost exclusively. what can i reccomend they do? they will NOT stop using lookout.

<edit>

i know excatcly who it is, the person uses pnc as there isp and look at this:

Received: from scan.pnc.com.au (scan.pnc.com.au [203.13.174.123])
   by mx2.punkass.com (Postfix) with SMTP id 3D1BA16
   for <[email protected]>; Sat, 14 Dec 2002 08:48:38 +0000 (UTC)

i may have to block this person till they stop using lookout.

</edit>

[ December 19, 2002: Message edited by: Got Doogee? ]


Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Help! I tihnk i have an email worm
« Reply #7 on: 19 December 2002, 22:50 »
good idea. nobody should be using lookout. I say that for 100% security reasons.
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Help! I tihnk i have an email worm
« Reply #8 on: 19 December 2002, 23:15 »
I would tell him he is responsible for masquerading as you on the Internet and that if he doesn't clean up his act you will sue his ass. Since he's running that Microsoft crap he will need to get some virus software and clean up his machine. And tell him that as long as he uses Lookout Depress that your name should be removed from his address book so you don't have to put up with his virus mail.
Someone please remove this account. Thanks...